wang-jiahua commented on code in PR #10448:
URL: https://github.com/apache/rocketmq/pull/10448#discussion_r3386207441
##########
remoting/src/main/java/org/apache/rocketmq/remoting/protocol/RequestCode.java:
##########
@@ -311,4 +311,7 @@ public class RequestCode {
public static final int AUTH_LIST_ACL = 3010;
public static final int SWITCH_TIMER_ENGINE = 5001;
+
+ public static final int DELETE_TOPIC_IN_BROKER_LIST = 5002;
+ public static final int DELETE_SUBSCRIPTIONGROUP_LIST = 5003;
Review Comment:
Good catch — fixed in 53cda760b.
Took the second alternative you suggested (teach the authorization builder
to parse the body): added explicit cases for `DELETE_TOPIC_IN_BROKER_LIST` and
`DELETE_SUBSCRIPTIONGROUP_LIST` in
`DefaultAuthorizationContextBuilder.build(ChannelHandlerContext,
RemotingCommand)`, mirroring the existing `LOCK_BATCH_MQ` / `UNLOCK_BATCH_MQ`
pattern. Each topic / group in the body now produces its own `Action.DELETE`
authorization context, blank entries are skipped, and the `rpcCode` is stamped
accordingly. Annotated headers were not added because `CommandCustomHeader`
cannot natively carry a `List<String>`, and the new bodies
(`DeleteTopicListRequestBody` / `DeleteSubscriptionGroupListRequestBody`)
already carry the full target list.
Covered by new assertions in
`DefaultAuthorizationContextBuilderTest.buildRemoting` (validates one DELETE
context per non-blank topic/group, correct `ResourceType`, and stamped
`rpcCode`).
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: [email protected]
For queries about this service, please contact Infrastructure at:
[email protected]
